Debug Authentication for STM32H5

Revision as of 13:22, 6 June 2023 by Registered User

1. Introduction

This article lists the main characteristics of Debug Authentication applied to STM32H5 MCUs.

The theoretical article about Debug Authentication describes all the possibilities of this feature: Debug Authentication

To learn more about Debug Authentication usage specific to each STM32H5 device, and to practice it, refer to Debug Authentication STM32H5 How to Introduction

2. Debug Authentication main principles overview

  • Debug authentication controls
    • Debug opening: re-open debug access on the STM32 in a secured way.
    • Regressions: perform a regression to product state OPEN or TZ-CLOSED in a secured way, erasing user data in user Flash, SRAM and OBKeys.
  • It can be used
    • During development
    • During manufacturing
    • For field return analysis
  • Debug Authentication is only useful when the STM32 is no longer in product state OPEN

Refer to STM32 Product State Life cycle to learn more about the product state lifecycle.

  • Features
    • When TZ is disabled: a password is used (very similar to U5). Only regression is possible.
    • When TZ is enabled: a certificate chain is used. Regressions and debug opening are possible.
  • Debug Authentication principle
    • Uses a dedicated JTAG access point (ap0) to communicate with the chip
    • Secure protocol defined by ARM: ARM PSA ADAC V1.0 (Authenticated Debug Access Control)[1]

3. Debug Authentication for STM32H5 devices

STM32H5 series devices have specific characteristics that make the use of Debug Authentication different for each of them.

3.1. OBKey area

  • STM32H563/573 devices have OBKey areas that can be used to store keys and passwords.
  • STM32H503 devices don't have an OBKey area and use the OTP (One-Time Programmable) area to store the password. This means that the password can no longer be changed once provisioned.

3.2. TrustZone feature

Debug Authentication usage differs depending on whether the TrustZone feature is activated.

  • If TrustZone is activated on a device (secure and/or non-secure code is flashed on the board), a regression or debug re-opening from a product state other than "OPEN" can be done using a certificate.
    In this case, either a partial regression (to TZ-CLOSED state) or a full regression (to OPEN state) is possible.

  • If TrustZone is not enabled on a device, Debug Authentication can be done only with a password.
    Only a full regression to OPEN state is possible.

For STM32H503 devices, TrustZone can't be activated and the password method is always used to perform Debug Authentication.

4. References